package jdbc03;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Scanner;

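/**
 * Console program that reads a username and password from standard input and
 * prints the matching rows of {@code besuper.player}.
 *
 * <p>The two values are bound as statement parameters instead of being
 * concatenated into the SQL text. With concatenation, a quote character in
 * either field changes the structure of the query, so the WHERE clause no
 * longer restricts the result to the row that matches both values. Bound
 * parameters are sent to the driver as data and cannot alter the statement.
 */
public class SqlInject {

	private static final Scanner scanner = new Scanner(System.in);

	/**
	 * Prompts for credentials, runs the parameterized lookup and prints each
	 * returned row.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		System.out.println("username: ");
		String username = scanner.nextLine();
		System.out.println("password: ");
		String password = scanner.nextLine();

		// Placeholders keep user input out of the SQL text entirely.
		// NOTE(review): the query compares the password column with the raw
		// input, which suggests passwords are stored unhashed — confirm against
		// the schema; a salted password hash (bcrypt/scrypt/argon2) verified in
		// application code is the usual design.
		String sql = "select * from besuper.player where username = ? and password = ?";

		// Only the statement template is echoed; the entered password is no
		// longer written to the console as part of the query text.
		System.out.println("SQL: " + sql);

		Connection conn = null;
		PreparedStatement stmt = null;
		ResultSet rs = null;

		try {
			conn = MyJdbcConnection.getConnection();
			stmt = conn.prepareStatement(sql);
			stmt.setString(1, username);
			stmt.setString(2, password);
			rs = stmt.executeQuery();

			while (rs.next()) {
				int id = rs.getInt("id");
				String name = rs.getString("name");
				int score = rs.getInt("score");
				String uname = rs.getString("username");

				System.out.println("id: " + id
						+ ", name: " + name
						+ ", score: " + score
						+ ", username: " + uname);
			}
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			// Released in finally so the connection, statement and result set
			// are handed back even when the query throws.
			MyJdbcConnection.clean(conn, stmt, rs);
		}
	}

}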
